[***]            Summary:            [***]

3 new Open, 29 new Pro (3 + 26). Detplock, Orsam, Mirai, Various Phishing,
Ongoing Rule Pruning.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2029525 - ET CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2020-02-21) (current_events.rules)
  2029526 - ET CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2020-02-21 2) (current_events.rules)
  2029527 - ET CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2020-02-21 3) (current_events.rules)

 Pro:

  2841137 - ETPRO TROJAN Unk.VBSLoader Retrieving Payload (trojan.rules)
  2841138 - ETPRO MALWARE Win32/Adload Retrieving EXE (malware.rules)
  2841139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-21 1) (trojan.rules)
  2841140 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-21 2) (trojan.rules)
  2841141 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-02-21
(current_events.rules)
  2841142 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-02-21
(current_events.rules)
  2841143 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-02-21 (current_events.rules)
  2841144 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-21
(current_events.rules)
  2841145 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-02-21
(current_events.rules)
  2841146 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841147 - ETPRO CURRENT_EVENTS Possible Successful Microsoft OneDrive
Phish 2020-02-21 (current_events.rules)
  2841148 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-02-21 (current_events.rules)
  2841149 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841150 - ETPRO CURRENT_EVENTS Possible Successful Office 365 Phish
2020-02-21 (current_events.rules)
  2841151 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841152 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841153 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841154 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841155 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
  2841156 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2841157 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2841158 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2841159 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2841160 - ETPRO TROJAN MSIL.TScope Checkin 12 SendClientInfo
(trojan.rules)
  2841161 - ETPRO TROJAN Win32.Orsam/Cosmo Checkin 4 (trojan.rules)
  2841162 - ETPRO TROJAN Win32/Detplock Variant CnC Activity (trojan.rules)

 [///]     Modified active rules:     [///]

  2003337 - ET MALWARE Suspicious User Agent (Autoupdate) (malware.rules)
  2004023 - ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt --
account_change.php style SELECT (web_specific_apps.rules)
  2005850 - ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection
Attempt -- usermgr.php gid DELETE (web_specific_apps.rules)
  2006022 - ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt --
user.php passwordNew UNION SELECT (web_specific_apps.rules)
  2006116 - ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL
Injection Attempt -- members.asp sent UPDATE (web_specific_apps.rules)
  2006145 - ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection
Attempt -- bus_details.asp ID ASCII (web_specific_apps.rules)
  2019359 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Oct 5 2014
(current_events.rules)
  2020339 - ET TROJAN f0xy Checkin (trojan.rules)
  2020858 - ET EXPLOIT Linksys WRT54GL Router DNS Change POST Request
(exploit.rules)
  2021247 - ET TROJAN Possible Duqu 2.0 Request (trojan.rules)
  2021259 - ET TROJAN Win32/Agent.WVW CnC Beacon 3 (trojan.rules)
  2021278 - ET TROJAN Backdoor.Elise CnC Beacon 3 M2 (trojan.rules)
  2021293 - ET CURRENT_EVENTS KaiXin Secondary Landing Page
(current_events.rules)
  2021407 - ET CURRENT_EVENTS HanJuan EK Current Campaign Landing URI
Struct Jul 10 2015 (current_events.rules)
  2021626 - ET TROJAN Hacking Team Elite Windows Implant Exfiltration
(trojan.rules)
  2021627 - ET TROJAN Hacking Team Scout Windows Implant Exfiltration
(trojan.rules)
  2021628 - ET TROJAN Hacking Team Android Implant Exfiltration
(trojan.rules)
  2021629 - ET TROJAN Hacking Team Implant Exfiltration (trojan.rules)
  2022070 - ET CURRENT_EVENTS Possible Evil Redirector Leading to EK Nov 09
2015 M1 (current_events.rules)
  2022071 - ET CURRENT_EVENTS Possible Evil Redirector Leading to EK Nov 09
2015 M2 (current_events.rules)
  2022582 - ET TROJAN jFect HTTP CnC Checkin (trojan.rules)
  2022652 - ET INFO Possible WinHttpRequest (no .exe) (info.rules)
  2822181 - ETPRO TROJAN Bolek HTTP Checkin (trojan.rules)
  2828270 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Oct 11 2017
(current_events.rules)
  2828353 - ETPRO TROJAN Known Malicious Downloader Pattern 20 Oct 2017
(trojan.rules)
  2828446 - ETPRO TROJAN MSIL/Unknown Downloader Activity (trojan.rules)
  2829689 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 15
(mobile_malware.rules)
  2829878 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.on Checkin
(mobile_malware.rules)
  2829880 - ETPRO MOBILE_MALWARE Android/Agent.AMP Checkin
(mobile_malware.rules)
  2829915 - ETPRO TROJAN Donot Team YTY Framework Requesting Commands from
CnC (trojan.rules)
  2830126 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin 4
(mobile_malware.rules)
  2830127 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.ba Checkin
(mobile_malware.rules)
  2830151 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.CV Checkin
(mobile_malware.rules)
  2830345 - ETPRO MOBILE_MALWARE Android/Monitor.Humanspy.C CnC Beacon
(mobile_malware.rules)
  2830995 - ETPRO TROJAN MSIL/Supreme Miner CnC Checkin (trojan.rules)
  2839724 - ETPRO TROJAN Win32/Delf.BBD Variant CnC Activity (trojan.rules)

 [---]  Disabled and modified rules:  [---]

  2013116 - ET SCAN Potential muieblackcat scanner double-URI and HTTP
library (scan.rules)
  2019676 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 07 2014
(current_events.rules)
  2019845 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
  2019846 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
  2019873 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Payload
(current_events.rules)
  2019917 - ET CURRENT_EVENTS Nuclear EK SilverLight Exploit
(current_events.rules)
  2020317 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SilverLight M2
(current_events.rules)
  2021508 - ET CURRENT_EVENTS NullHole URI Struct Jul 22 2015 M3
(current_events.rules)
  2021620 - ET CURRENT_EVENTS Nuclear EK Exploit URI Struct Aug 12
(current_events.rules)
  2021764 - ET CURRENT_EVENTS Possible Spartan EK Secondary Flash Exploit
DL M2 (current_events.rules)
  2022090 - ET CURRENT_EVENTS Possible Nuclear EK Nov 13 2015 Landing URI
struct (current_events.rules)
  2022112 - ET CURRENT_EVENTS Possible Nuclear EK Landing Nov 17 2015
(current_events.rules)
  2809711 - ETPRO TROJAN Backdoor.Win32.Androm.gezi SSL Cert (trojan.rules)
  2809899 - ETPRO TROJAN Trojan-Ransom.Win32.Foreign.lrov SSL Certificate
(trojan.rules)
  2809925 - ETPRO TROJAN Win32/Spy.Shiz.NCO SSL Cert (trojan.rules)
  2810080 - ETPRO TROJAN Win32/Teerac.A Ransomware SSL Cert (trojan.rules)
  2815221 - ETPRO CURRENT_EVENTS Nuclear EK Flash Exploit Dec 03 2015
(current_events.rules)
  2815222 - ETPRO CURRENT_EVENTS Nuclear EK Flash Exploit Dec 03 2015
(current_events.rules)
  2815808 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M1 with
URI Primer (current_events.rules)
  2815809 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M2 with
URI Primer (current_events.rules)

 [---]         Disabled rules:        [---]

  2014316 - ET CURRENT_EVENTS DRIVEBY Incognito libtiff PDF Exploit
Recieved (current_events.rules)
  2014539 - ET CURRENT_EVENTS Malicious TDS /indigo? (current_events.rules)
  2014751 - ET CURRENT_EVENTS Nuclear/Safe/CritX/FlashPack - Java Request -
32char hex-ascii (current_events.rules)
  2015742 - ET TROJAN SSL Cert Used In Unknown Exploit Kit (trojan.rules)
  2019123 - ET TROJAN Cryptolocker .onion Proxy Domain (erhitnwfvpgajfbu)
(trojan.rules)
  2019124 - ET TROJAN Cryptolocker .onion Proxy Domain in SNI (trojan.rules)
  2019188 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 Sept 17 2014
(current_events.rules)
  2019210 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF (current_events.rules)
  2019363 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TeslaCrypt) (trojan.rules)
  2019388 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS CnC) (trojan.rules)
  2019635 - ET TROJAN ROM/BackOff C2 SSL Cert (trojan.rules)
  2019642 - ET CURRENT_EVENTS Possible Sweet Orange redirection Nov 4 2014
(current_events.rules)
  2019649 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019679 - ET TROJAN Archie EK Payload Checkin POST (trojan.rules)
  2019839 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019923 - ET TROJAN Win32/Dalexis.A Possible SSL Cert (smartoptionsinc.com)
(trojan.rules)
  2020226 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020229 - ET TROJAN DNS Query for Suspicious proxy2-2-2.i2p Domain -
Possible CryptoWall Activity (trojan.rules)
  2020230 - ET TROJAN DNS Query for Suspicious proxy3-3-3.i2p Domain -
Possible CryptoWall Activity (trojan.rules)
  2020231 - ET TROJAN DNS Query for Suspicious proxy4-4-4.i2p Domain -
Possible CryptoWall Activity (trojan.rules)
  2020236 - ET CURRENT_EVENTS Nuclear EK Landing Jan 21 2014
(current_events.rules)
  2020265 - ET TROJAN Scieron DNS Lookup (newdyndns.scieron.com)
(trojan.rules)
  2020269 - ET TROJAN Scieron DNS Lookup (rubberduck.gotgeeks.com)
(trojan.rules)
  2020291 - ET CURRENT_EVENTS Possible Sweet Orange redirection Jan 22 2015
(current_events.rules)
  2020311 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF M2
(current_events.rules)
  2020319 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Jan 27 2015 M2
(current_events.rules)
  2020340 - ET TROJAN f0xy Checkin (trojan.rules)
  2020354 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Feb 03 2015 M2
(current_events.rules)
  2020357 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020409 - ET CURRENT_EVENTS Evil Redirector Leading to EK Feb 11 2015
Blog (current_events.rules)
  2020429 - ET CURRENT_EVENTS Uknown EK Java Exploit (current_events.rules)
  2020477 - ET CURRENT_EVENTS KaiXin EK Possible Jar Download
(current_events.rules)
  2020564 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020567 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020582 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (CryptoLocker CnC) (trojan.rules)
  2020616 - ET TROJAN Teerac/CryptoFortress .onion Proxy Domain
(h63rbx7gkd3gygag) (trojan.rules)
  2020625 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2020687 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020688 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020689 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2020697 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020735 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2020760 - ET TROJAN Vawtrak/NeverQuest .onion Proxy Domain
(4bpthx5z4e7n6gnb) (trojan.rules)
  2020802 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2020832 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 2 2015
(current_events.rules)
  2020841 - ET CURRENT_EVENTS Nuclear EK Landing Apr 03 2015
(current_events.rules)
  2020842 - ET CURRENT_EVENTS Nuclear EK Landing Apr 03 2015
(current_events.rules)
  2020843 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020854 - ET CURRENT_EVENTS DRIVEBY Router DNS Changer Apr 07 2015
(current_events.rules)
  2020932 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020950 - ET CURRENT_EVENTS Sundown EK Landing Apr 20 2015
(current_events.rules)
  2020951 - ET CURRENT_EVENTS Sundown EK Flash Exploit Apr 20 2015
(current_events.rules)
  2020975 - ET CURRENT_EVENTS Nuclear EK Landing Apr 22 2015
(current_events.rules)
  2020983 - ET CURRENT_EVENTS Fiesta EK Java Exploit Apr 23 2015
(current_events.rules)
  2020988 - ET CURRENT_EVENTS Possible Sundown EK URI Struct T1 Apr 24 2015
(current_events.rules)
  2020990 - ET CURRENT_EVENTS Sundown EK Secondary Landing T1 M2 Apr 24
2015 (current_events.rules)
  2020992 - ET CURRENT_EVENTS Possible Sundown EK Payload Struct T2 M2 Apr
24 2015 (current_events.rules)
  2021014 - ET TROJAN TorrentLocker SSL Cert (trojan.rules)
  2021015 - ET TROJAN Win32/Ruckguv.A SSL Cert (trojan.rules)
  2021016 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021032 - ET TROJAN Malicious SSL Cert (KINS C2) (trojan.rules)
  2021054 - ET CURRENT_EVENTS Magnitude EK Flash Payload ShellCode Apr 23
2015 (current_events.rules)
  2021063 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021077 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain
(is6xsotjdy4qtgur) (trojan.rules)
  2021087 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021102 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021106 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021109 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021112 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021121 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2021134 - ET TROJAN JavaScriptBackdoor SSL Cert (trojan.rules)
  2021136 - ET CURRENT_EVENTS Sundown EK Landing May 21 2015 M1
(current_events.rules)
  2021141 - ET CURRENT_EVENTS DNSChanger EK Landing URI Struct May 22 2015
(current_events.rules)
  2021155 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Yakes CnC) (trojan.rules)
  2021196 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Spy.Shiz CnC) (trojan.rules)
  2021219 - ET CURRENT_EVENTS KaiXin Secondary Landing Jun 09 2015
(current_events.rules)
  2021254 - ET TROJAN Torrentlocker C2 Domain in SNI (trojan.rules)
  2021260 - ET TROJAN Torrentlocker C2 SSL cert (trojan.rules)
  2021354 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021370 - ET TROJAN Dridex SSL Cert 30 June 2015 (trojan.rules)
  2021372 - ET TROJAN Dridex SSL Cert 1 July 2015 (trojan.rules)
  2021373 - ET CURRENT_EVENTS NullHole EK Landing URI struct
(current_events.rules)
  2021375 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2021388 - ET TROJAN Likely Dridex SSL Cert (trojan.rules)
  2021397 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (CryptoLocker CnC) (trojan.rules)
  2022147 - ET TROJAN Matryoshka CnC Beacon 2 (trojan.rules)
  2022320 - ET WEB_CLIENT Tech Support Phone Scam Landing Dec 30 M2
(web_client.rules)
  2808900 - ETPRO TROJAN Chanitor .onion Proxy Domain (trojan.rules)
  2809273 - ETPRO CURRENT_EVENTS DRIVEBY Magnitude Landing Dec 03 2014
(current_events.rules)
  2809294 - ETPRO TROJAN Possible Win32/ProxyChanger.EO SSL Cert
(trojan.rules)
  2809413 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809422 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809545 - ETPRO CURRENT_EVENTS KaiXin Exploit Kit Java Class Jan 19 2014
(current_events.rules)
  2809827 - ETPRO TROJAN Chanitor .onion Proxy Domain (trojan.rules)
  2809855 - ETPRO TROJAN Backdoor.Win32.Androm.ghhv Possible SSL Cert
(trojan.rules)
  2809871 - ETPRO TROJAN Chanitor .onion Proxy Domain (trojan.rules)
  2809923 - ETPRO TROJAN Win32/Spy.Shiz.NCO SSL Cert (trojan.rules)
  2809924 - ETPRO TROJAN Win32/Spy.Shiz.NCO SSL Cert (trojan.rules)
  2809966 - ETPRO TROJAN Cryptolocker .onion Proxy Domain
(7ziwuw5b2pbezpuy) (trojan.rules)
  2809967 - ETPRO TROJAN Cryptolocker .onion Proxy Domain
(4xau3z5os5byevya) (trojan.rules)
  2809987 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809994 - ETPRO POLICY DNS Query to .onion proxy Domain (balzakoptions.com)
(policy.rules)
  2810082 - ETPRO TROJAN Win32/Teerac.A Ransomware SSL Cert (trojan.rules)
  2810108 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
  2810109 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
  2810110 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
  2810131 - ETPRO TROJAN VaultCrypt .onion Proxy Domain (tj2es2lrxelpknfp)
(trojan.rules)
  2810132 - ETPRO TROJAN TorrentLocker .onion Proxy Domain
(ndvgtf27xkhdvezr) (trojan.rules)
  2810190 - ETPRO TROJAN Critroni .onion Proxy Domain (trojan.rules)
  2810282 - ETPRO TROJAN Win32/Escad Variant DNS Lookup (dns01.zzux.com)
(trojan.rules)
  2810292 - ETPRO TROJAN Chanitor .onion Proxy Domain (dugjdv7z3h5x4nrp)
(trojan.rules)
  2810298 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(inventorysu.1488) (trojan.rules)
  2810299 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(191WppkMigej32VwP4E7FBf58DtshP28FB) (trojan.rules)
  2810300 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(SZnXSyTLs4PRNWqnX2ajLk81NHkfeH28EJ) (trojan.rules)
  2810301 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(Lh1tA61DEfQBjTFhLmtysz71r5bbgzgntD) (trojan.rules)
  2810346 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4746e202) (trojan.rules)
  2810354 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
  2810363 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to EK March 30
2015 (current_events.rules)
  2810364 - ETPRO TROJAN Chanitor .onion Proxy Domain (omi62yc6jtsd2q37)
(trojan.rules)
  2810381 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(tamaran.3) (trojan.rules)
  2810438 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(tatintior.Public) (trojan.rules)
  2810440 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(cake.user) (trojan.rules)
  2810457 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(493a0e00) (trojan.rules)
  2810458 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4a835202) (trojan.rules)
  2810459 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2cbca600) (trojan.rules)
  2810460 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48aed402) (trojan.rules)
  2810462 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b182600) (trojan.rules)
  2810463 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(CheatKO.flxm2Gcg) (trojan.rules)
  2810464 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(474fbc03) (trojan.rules)
  2810466 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(49295a00) (trojan.rules)
  2810467 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4904cc01) (trojan.rules)
  2810491 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b0e7200) (trojan.rules)
  2810688 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(kiribati.32) (trojan.rules)
  2810691 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(189EXddT6xht7zNHcA7BKAE7TXzSQU9gYy) (trojan.rules)
  2810692 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(CheatKO.uocw6Wws) (trojan.rules)
  2810693 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(mediaclickinc.5) (trojan.rules)
  2810694 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(14JqQame8ZXJZmoBiaKtufsLSL2EGaEXTf) (trojan.rules)
  2810695 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(16ChmdCLSTjkyWpuxwzhF5jAj9ZXof4Qfj) (trojan.rules)
  2810738 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(1LTSb2bdNHuNNmGnCWfVrxuDXWZ52Atubs) (trojan.rules)
  2810740 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH) (trojan.rules)
  2810741 - ETPRO TROJAN CoinMiner Known malicious stratum authline (16134)
(trojan.rules)
  2810742 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(Intercepter.1) (trojan.rules)
  2810749 - ETPRO TROJAN Win32/Cromptui.C Possible SSL Cert (trojan.rules)
  2810751 - ETPRO TROJAN Possible Dridex downloader SSL Certificate
(trojan.rules)
  2810790 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(CheatKO.udbn1Tai) (trojan.rules)
  2810880 - ETPRO CURRENT_EVENTS Nuclear EK Landing April 30 2015 M1
(current_events.rules)
  2810882 - ETPRO CURRENT_EVENTS Nuclear EK Landing April 30 2015 M3
(current_events.rules)
  2810894 - ETPRO MALWARE PUP.InstallMetrix.L SSL Certificate
(malware.rules)
  2810902 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(14HpboFGgSYYjs1Swzf6hnViC7zrYT8hSR) (trojan.rules)
  2810930 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(1HxajhAGoY6UVwLoWqvesA1si68AYkD1f) (trojan.rules)
  2810941 - ETPRO CURRENT_EVENTS Fiesta EK Landing May 11 2015
(current_events.rules)
  2810943 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(lexx777919.1) (trojan.rules)
  2810954 - ETPRO CURRENT_EVENTS Fiesta EK IE Exploit May 11 2015
(current_events.rules)
  2810985 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 28 2015
M2 (current_events.rules)
  2810987 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
  2810988 - ETPRO TROJAN Win32/Spy.Shiz SSL Cert (trojan.rules)
  2810997 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(16pVURBYwV7ZRfr24oJHbKKb9mdGmz7C8) (trojan.rules)
  2811030 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(sabyd.1) (trojan.rules)
  2811046 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
  2811051 - ETPRO TROJAN KINS Possible SSL Cert (trojan.rules)
  2811074 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(youguqm.yougu) (trojan.rules)
  2811085 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZmVsaXh3YWxkXzEwOm51dHRlbmVua2Vs) (trojan.rules)
  2811092 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(adins.worker11) (trojan.rules)
  2811102 - ETPRO TROJAN Ransom.Tox .onion Proxy Domain (trojan.rules)
  2811108 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(robertdursts.xx) (trojan.rules)
  2811113 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bG91bWFsb3VAbWFpbC5jb206cmFjY29vbjI=) (trojan.rules)
  2811114 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(U3A0UnRhX3dvcmtlcjphYmMxMjM=) (trojan.rules)
  2811126 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(realbob.1) (trojan.rules)
  2811153 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YWxwaGFkZWx0YS4yOnRlc3Q=) (trojan.rules)
  2811177 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ea80c00) (trojan.rules)
  2811179 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fef2a00) (trojan.rules)
  2811180 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f92da01) (trojan.rules)
  2811181 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb2fc05) (trojan.rules)
  2811183 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuM3JfQTp4RHhEaGd5dHJl) (trojan.rules)
  2811199 - ETPRO TROJAN DNS Andromeda/Gamarue Query to .onion proxy Domain
(74724z223r535723) (trojan.rules)
  2811202 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4e9eb800) (trojan.rules)
  2811203 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f984401) (trojan.rules)
  2811207 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9c0605) (trojan.rules)
  2811209 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(5010e400) (trojan.rules)
  2811211 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48131400) (trojan.rules)
  2811235 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(RG9ndHJhaW4ubWFwaXRlOndoaXBwaXQ=) (trojan.rules)
  2811236 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(am9obnJvcGVyLmdsb2JsZXI6U0hEM1ZOYXk=) (trojan.rules)
  2811253 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4e978201) (trojan.rules)
  2811254 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fbee601) (trojan.rules)
  2811255 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4815e600) (trojan.rules)
  2811256 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fa9aa03) (trojan.rules)
  2811261 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f45c202) (trojan.rules)
  2811262 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ea71a01) (trojan.rules)
  2811263 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f239c07) (trojan.rules)
  2811286 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f776800) (trojan.rules)
  2811288 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fa8c806) (trojan.rules)
  2811290 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(496e2a00) (trojan.rules)
  2811291 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b433a01) (trojan.rules)
  2811292 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9d8c04) (trojan.rules)
  2811294 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b156e01) (trojan.rules)
  2811314 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b48dc00) (trojan.rules)
  2811315 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4af8fc00) (trojan.rules)
  2811316 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(35634575685678568.3) (trojan.rules)
  2811317 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fa98a05) (trojan.rules)
  2811318 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(50139200) (trojan.rules)
  2811319 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb6c804) (trojan.rules)
  2811321 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f3e9600) (trojan.rules)
  2811322 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fcba600) (trojan.rules)
  2811323 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fed7803) (trojan.rules)
  2811377 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(50427007) (trojan.rules)
  2811378 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f2de000) (trojan.rules)
  2811384 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(NDNxZkdoY1NaS1U4d3h) (trojan.rules)
  2811407 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4e8fc202) (trojan.rules)
  2811408 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f368800) (trojan.rules)
  2811409 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48a90e00) (trojan.rules)
  2811410 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9bbc05) (trojan.rules)
  2811412 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f761200) (trojan.rules)
  2811436 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(50196e01) (trojan.rules)
  2811441 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fbdae02) (trojan.rules)
  2811443 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4af28000) (trojan.rules)
  2811480 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bW9pX3dvcmtlcjpPbHltcGlxdWUxMw==) (trojan.rules)
  2811510 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f835200) (trojan.rules)
  2811512 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb1aa05) (trojan.rules)
  2811513 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(5008fc00) (trojan.rules)
  2811514 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ea53800) (trojan.rules)
  2811515 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fafa000) (trojan.rules)
  2811516 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(500fca02) (trojan.rules)
  2811545 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9ef404) (trojan.rules)
  2811546 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f4cc200) (trojan.rules)
  2811548 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b444401) (trojan.rules)
  2811549 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4bb40200) (trojan.rules)
  2811551 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4e8e7601) (trojan.rules)
  2811552 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fa10400) (trojan.rules)
  2811553 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f241404) (trojan.rules)
  2811554 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f8ebc01) (trojan.rules)
  2811555 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9e8402) (trojan.rules)
  2811557 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ff5ba00) (trojan.rules)
  2811585 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Rmlubl9GaW5uOmFiY2QxMjM0) (trojan.rules)
  2811600 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y3ZjeWN2Y0B5YW5kZXgucnVfdjo3Nzc=) (trojan.rules)
  2811617 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWlkb3h0bi53b3JrZXI6bWlkb3h0bg==) (trojan.rules)
  2811618 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f668e02) (trojan.rules)
  2811619 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb5da00) (trojan.rules)
  2811621 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(500cec00) (trojan.rules)
  2811625 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb73408) (trojan.rules)
  2811626 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f8eba03) (trojan.rules)
  2811643 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4eca6e01) (trojan.rules)
  2811644 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f919807) (trojan.rules)
  2811645 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48eee602) (trojan.rules)
  2811648 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(3b5c1201) (trojan.rules)
  2811649 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb32e07) (trojan.rules)
  2811677 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4eaffe02) (trojan.rules)
  2811678 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47ec9801) (trojan.rules)
  2811679 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f905c04) (trojan.rules)
  2811681 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f46e003) (trojan.rules)
  2811683 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(btcpro) (trojan.rules)
  2811684 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f314602) (trojan.rules)
  2811685 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb2f400) (trojan.rules)
  2811704 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(3c1b0c00) (trojan.rules)
  2811705 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(50ceb800) (trojan.rules)
  2811706 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f614000) (trojan.rules)
  2811714 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(50424e0d) (trojan.rules)
  2811716 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4faa3804) (trojan.rules)
  2811725 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fecba00) (trojan.rules)
  2811728 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b592600) (trojan.rules)
  2811729 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f32e802) (trojan.rules)
  2811752 - ETPRO TROJAN CoinMiner Known malicious stratum authline
2015-06-30 (trojan.rules)
  2811759 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUZIajNhc2pMZHhjN0V1Y1l0cEFydkRITUhkZVdZTlVuTjp4) (trojan.rules)
  2811766 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(1Na4UFCkw1jwnU25bJSdmfKvxAfnCbumTG) (trojan.rules)
  2811768 - ETPRO TROJAN CoinMiner Known malicious stratum authline
2015-07-01 (trojan.rules)
  2811876 - ETPRO TROJAN CryptoLocker SSL Cert (trojan.rules)
  2811923 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cGFyYWRpc29zYWxlczFAZ21haWwuY29tX3ptcToxMjM0NQ==) (trojan.rules)
  2812001 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(500c7800) (trojan.rules)
  2812358 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MmF3ZXNvbWU0bXlzZWxmXzE6MTIz) (trojan.rules)
  2812360 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZGVlcG1pbmVjb29sQGdtYWlsLmNvbTpvbmM0Mnl0OW1jOXA4MjE0NTJjNDI=)
(trojan.rules)
  2812361 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(U1puWFN5VExzNFBSTldxblgyYWpMazgxTkhrZmVIMjhFSjp4) (trojan.rules)
  2812362 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(UGwweGRfd29ya2VyMTp3b3JrZXJwYXNzMQ==) (trojan.rules)
  2812364 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2RndHpqempAbWFpbC5jb21fbG9sOmttb2w=) (trojan.rules)
  2812365 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Z2lnYWhhc2hfbWluZXI6cGFzcw==) (trojan.rules)
  2812366 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWx2aXNyZW5lLjY6MQ==) (trojan.rules)
  2812367 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y2F6YW5vdmExNjNfY2F6YW5vdmE6MTYz) (trojan.rules)
  2812368 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cm1kYW45MC5rYXR5OmthdHlkZW1p) (trojan.rules)
  2812627 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to EK Aug 21
2015 T3 (current_events.rules)
  2812676 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bXl0aHhfMTExOnBhdmxha2E=) (trojan.rules)
  2814177 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2FiYW5AZmFjYS5iYV9zdWI6MTU2MzAz) (trojan.rules)
  2814178 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZG1pdHJfbGFsYWxkczpodWh1YWE=) (trojan.rules)
  2814181 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bW9udGUyLjRjYXJsbzFAaG90bWFpbC5jb21fMTIzNDU2NzpDb3Vydml4) (trojan.rules)
  2814425 - ETPRO TROJAN JS/RecJS DNS Lookup (askpotubeda.isteingeek.de)
(trojan.rules)
  2814427 - ETPRO TROJAN JS/RecJS DNS Lookup (griahost.servebbs.com)
(trojan.rules)
  2814757 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 1) (trojan.rules)
  2814981 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c3RhbmtvdmljX2xlamxhOnplbmljYQ==) (trojan.rules)
  2815016 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(a2luaW1hX2s6ZGFrYTk4Mg==) (trojan.rules)
  2815304 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bGlwdG9ud29yazo3NDE4NTI5NjM=) (trojan.rules)
  2815417 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-12-21 1) (trojan.rules)
  2815622 - ETPRO TROJAN Sacto SSL Cert (trojan.rules)
  2815628 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(UmVhc2VuLmFuZHJvOmFuZHJv) (trojan.rules)
  2815788 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(RmFwcGVyX05pZ2dlclNsYXZlOk5pZ2dlclNsYXZlMTAx) (trojan.rules)
  2816179 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2816267 - ETPRO TROJAN Possible Fowap DNS Lookup (trojan.rules)
  2819698 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-04-12 2) (trojan.rules)
